Open Redirect

URL redirection or open redirect.

Vulnerability Name: Open redirect on [Parameter] at [Domain name]

Vulnerability Description: An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain.

[Don't forget to add your own vulnerability description; the one given above is only a general description]

Payload: [Malicious payload]

Steps to Reproduce:

  1. Go to the [URL]

  2. Now change the value of [vulnerable param] to attacker.com

  3. You will be redirected to the attacker-controlled domain.

Proof-of-concept: Screenshots or video link attached.

Impact:

  1. It can lead to a phishing attack.

  2. An attacker might force a malware download onto the victim's machine by redirecting the victim to an attacker-controlled server.

Attack Scenario: An attacker can send the crafted URL to the victim as part of an email or a message. Because the link begins with the legitimate domain, the victim has no indication that a redirection will occur.

[The above is a basic attack scenario; you need to alter it according to the application's workflow]

Remediation: Where possible, applications should avoid incorporating user-controllable data into redirection targets. In many cases, this can be achieved in one of two ways:

  • Remove the redirection function from the application, and replace links to it with direct links to the relevant target URLs.

  • Maintain a server-side list of all URLs that are permitted for redirection. Instead of passing the target URL as a parameter to the redirector, pass an index into this list.
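As an added example of the second remediation above (this is illustration code, not part of the report template or any particular application), the following Python snippet keeps the permitted destinations in a server-side list and exposes only an index to the client. The destination URLs, the parameter name `next` and the function names are constructed placeholders. The original unsafe pattern is shown alongside it for comparison.

```python
"""Index-based redirector: the client supplies a list position, never a URL.

Added example, not from the original template. REDIRECT_TARGETS, the `next`
parameter and the function names are constructed placeholders.
"""
from typing import Optional

# Server-side allow-list of permitted redirect targets (constructed placeholders).
# Only the position in this tuple is ever sent to the browser; the URL itself
# never appears in a request parameter, so there is nothing to tamper with.
REDIRECT_TARGETS = (
    "https://example.com/dashboard",
    "https://example.com/account/settings",
    "https://docs.example.com/getting-started",
)

# Safe fallback used whenever the supplied index is missing or invalid.
DEFAULT_TARGET = "https://example.com/"


def resolve_redirect(raw_index: Optional[str]) -> str:
    """Map a client-supplied index (e.g. ?next=1) to a permitted URL.

    Anything that is not a valid position in REDIRECT_TARGETS falls back to
    DEFAULT_TARGET, so a crafted value can never produce an external domain.
    """
    if raw_index is None:
        return DEFAULT_TARGET
    try:
        idx = int(raw_index)
    except (TypeError, ValueError):
        # Non-numeric input such as a full URL or a scheme-relative "//host"
        return DEFAULT_TARGET
    # Reject negative values explicitly: Python tuples accept negative indexes,
    # so REDIRECT_TARGETS[-1] would otherwise be silently allowed.
    if idx < 0 or idx >= len(REDIRECT_TARGETS):
        return DEFAULT_TARGET
    return REDIRECT_TARGETS[idx]


def redirect_link(idx: int) -> str:
    """Build the link the application emits for a known destination.

    Raises IndexError for positions outside the list so that a broken link is
    caught at template-rendering time rather than at redirect time.
    """
    if idx < 0 or idx >= len(REDIRECT_TARGETS):
        raise IndexError(f"no redirect target with index {idx}")
    return f"/redirect?next={idx}"


def vulnerable_resolve(raw_target: Optional[str]) -> str:
    """The pattern the report describes: the destination is taken straight from
    the request parameter, so any domain the requester chooses is honoured."""
    return raw_target or DEFAULT_TARGET


if __name__ == "__main__":
    # Constructed sample inputs: a valid index, an out-of-range index, a
    # negative index, and a full URL supplied where an index is expected.
    for sample in ("1", "99", "-1", "https://attacker.com", None):
        print(f"next={sample!r:<25} -> {resolve_redirect(sample)}")
    print("emitted link:", redirect_link(2))
```

The hardened resolver treats every failure the same way, by sending the user to `DEFAULT_TARGET`, rather than echoing the bad value back in an error page; that keeps the redirector from becoming a reflection point for arbitrary strings.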